The use of the Internet as a vehicle for communicating information and exchanging value electronically has resulted in the need for ensuring that such transactions take place in a secure manner. Not only is it imperative that the communication itself be secure, but it is just as important to ensure that information stored in a database at a data center is secured from tampering. For example, postage metering systems are now available whereby postage value in the form of an indicium can be obtained over the Internet. User accounts that are debited to pay for the downloaded postage are maintained in relational databases at a secure data center and are therefore secure from outsiders. However, there still exists the possibility that someone from within the data center could attempt to alter the postage account database records. The instant invention is directed to preventing such internal security attacks.
As discussed above, there is a definite need to secure the information stored in a database. In relational databases, data is stored as database records. To protect a record, the confidential portion of the record is encrypted, the record is digitally signed, and the signature is attached to the record. When information in a particular database record must be changed, the manipulation of the record is performed only in a cryptographic device (or devices) that holds the cryptographic keys for encryption and that digitally signs the manipulated record. There is also a need for a mechanism to protect against the ‘replay’ attack on a database record, i.e., an old but legitimate record is used to replace a newly updated record. Without such a replay protection mechanism, a cryptographic device cannot detect such an attack. This invention addresses the issue of replay attacks.
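The gap described above, shown as an added example that is not part of the original text: a signed account record detects a direct edit of the balance, but an old record replayed with its own valid signature still verifies. HMAC-SHA256 stands in for the digital signature, encryption of the confidential portion is omitted, and the names `CryptoDevice`, `acct-001` and `balance_cents` are assumptions made for illustration.

```python
import hashlib
import hmac
import json
import os


class CryptoDevice:
    """Stand-in for the cryptographic device: the only holder of the key."""

    def __init__(self):
        self._key = os.urandom(32)  # never leaves the device

    def _tag(self, fields):
        msg = json.dumps(fields, sort_keys=True).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def sign(self, fields):
        return {"fields": dict(fields), "sig": self._tag(fields)}

    def verify(self, record):
        return hmac.compare_digest(record["sig"], self._tag(record["fields"]))

    def debit(self, record, cents):
        # Records are only manipulated inside the device, after verification.
        if not self.verify(record):
            raise ValueError("signature check failed")
        fields = dict(record["fields"])
        fields["balance_cents"] -= cents
        return self.sign(fields)


def run_scenario():
    device = CryptoDevice()
    # Constructed sample record; the dict plays the role of the database.
    db = {"acct-001": device.sign({"account": "acct-001", "balance_cents": 5000})}
    stale = db["acct-001"]  # legitimate record as it stood before the debit
    db["acct-001"] = device.debit(db["acct-001"], 3400)
    current = db["acct-001"]
    # Direct tampering: the balance is edited but the signature is unchanged.
    edited = {"fields": {**current["fields"], "balance_cents": 5000},
              "sig": current["sig"]}
    # Replay: the stale record, signature and all, overwrites the current one.
    db["acct-001"] = stale
    return {
        "balance_after_debit": current["fields"]["balance_cents"],
        "edited_record_verifies": device.verify(edited),
        "replayed_record_verifies": device.verify(db["acct-001"]),
        "balance_after_replay": db["acct-001"]["fields"]["balance_cents"],
    }


if __name__ == "__main__":
    print(run_scenario())
```

The signature binds the record's contents to the device key but says nothing about whether the record is the most recent one, which is why the replayed record passes the same check that rejects the edited one.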